Drop'ed is a sophisticated automation suite built for the Concordia Deckathon 2026. It is designed to navigate the complex "Concordia Deckathon" student portal, solving over 12 unique anti-bot challenges and CAPTCHAs to automate the student dropout process.
The project consists of three main components:
- Automation Core: A high-performance pure API script (
pureApiDropout.js). - Desktop Application: A user-friendly Electron app for easy execution (
frontend/). - Landing Page: A marketing website for the tool (
website/).
For the fastest exection, run the file pureApiDropout.js directly. This script uses a direct API approach, using only the browser for showing the completed drop out message.
-
Install Dependencies
npm install
-
Configure Environment Create a
.envfile in the root directory (copy fromenv_example.env):GEMINI_API_KEY=your_gemini_api_key_here CHROME_PATH=C:\Program Files\Google\Chrome\Application\chrome.exe
Note: A valid Gemini API key is required for solving the Face CAPTCHA modules.
-
Run the Script
node pureApiDropout.js
We provide a standalone desktop application for a simpler user experience.
Location: /frontend
cd frontend
npm install
npm run devTo create a standalone .exe file that you can share:
cd frontend
npm run packThis generates frontend/dist/Dropped 1.0.0.exe.
The project includes a promotional landing page.
Location: /website
cd website
npm install
npm run devThis tool automates the entire student lifecycle in the challenge environment:
- Account Creation: Generates random credentials and registers via API.
- Authentication:
- Login: Bypasses logic puzzles and CAPTCHAs.
- MFA: Intercepts OTP codes sent to the user's email.
- Class Management: Identifies enrolled classes and drops them via API.
- Financials: Checks balance and performs credit card payments if there are outstanding fees.
- Dropout: Finalizes the dropout process after solving the "Pretty Faces" verification.
The script successfully navigates 12 distinct verification modules:
| Module | Method | Description |
|---|---|---|
| Verify Email | API |
Automates the "VERIFY" typing challenge. |
| Please Wait | API |
Detects progress bar completion serverside. |
| Keyboard Test | API |
Simulates randomized human keypress events. |
| Bot Detection | API |
Identifies the correct button vs. bait checkboxes. |
| System Update | API |
Simulates hover events on the "X" button. |
| Select Location | API |
Hierarchical selection (Canada -> QC -> Montreal). |
| Hidden Button | DOM |
Locates 0-opacity elements and triggers click events. |
| Identity Check | Gen |
Generates valid-format SSN strings. |
| Newsletter | API |
Types "UNSUBSCRIBE" confirmation. |
| Terms & Cond. | API |
Simulates scroll-to-bottom event before accepting. |
We employ a multi-modal approach to solving the varied CAPTCHAs:
- Pixel Analysis (Logos): We use
sharpto analyze pixel brightness histograms to detect white/black center pixels in logo grids. - Generative AI (Crowds): We utilize Google's Gemini Flash 1.5 to visually identify humans in the "Select all images with people" challenges.
- Brute Force (Final): For the final challenge, we use a parallelized batching strategy to brute-force the 512 possible combinations (2^9) in seconds.
- Node.js: Core runtime.
- Electron: Desktop GUI framework.
- Puppeteer Real Browser: For mimicking human fingerprints and evading detection.
- Google Gemini AI: For vision-based CAPTCHA solving.
- Sharp: High-performance image processing.
- React + Vite: Frontend framework for the website and electron app.
Made with love for ConUHacks 2026